are company entitled to read your emails?

LegacyUser

Wife got the sack last week for sending out some emails from her company email account that the company deemed inappropriate and a breach of privacy.

Do the company have the right to check her emails like this without warning her that her emails are being monitored? It was her company email account

They called her in for a meeting completely out of the blue and had some email correspondence between her and another company printed out, and sacked her on the spot.

Was this a breach of her privacy?

Eoin

Some info on this page

Monitoring of e-mail systems
The employer must be clear about his or her e-mail and internet policies and these policies must be clearly communicated to employees. No covert e-mail monitoring is allowed by employers, except in a case where specific criminal activity has been identified and the surveillance is required to obtain evidence and subject to the respect of legal and procedural rules. For example, if the employer or police suspects that an employee is using workplace e-mail and the internet contrary to the provisions of the Child Trafficking and Pornography Act 1998.

Before implementing any e-mail monitoring policy in the workplace, employers must ask themselves:

Whether the workers know that the e-mail will be monitored
Whether the monitoring is necessary. Could the same results be achieved with traditional methods of supervision?
Whether the proposed processing of personal data is fair to employees
Whether the monitoring is in proportion to the concerns it tries to address.
The monitoring of e-mails should, if possible, be limited to traffic data on the participants and time of a communication rather than the contents of communications if this would be sufficient to allay employers concerns.

If access to an e-mail's content is absolutely necessary, the employer should take into account the privacy of people outside the organisation receiving the e-mail as well as those inside. The employer, for instance, cannot obtain the consent of people outside the organisation sending e-mails to its workers. The employer should make reasonable efforts to inform people outside the organisation of the existence of monitoring activities to the extent that these people could be affected by them. An example could be the insertion of warning notices regarding the existence of the monitoring systems, which may be added to all outbound e-mails from the organisation.

Mrs OBumble

Is there really any employee in the world who does not think that their work email is monitored?

Surely sending an email from a company account is equivalent to sending a letter on their letterhead, so of course employees are responsible for what they send?

Eoin

Incidentally, is she sure that it was monitored and not reported by someone who had received the email?

Anyway, she should check her employee handbook and internet/email acceptable usage policies. Any formal disciplinary procedure comes with the right to appeal and full details of the issue, so she should ask for all that info then.

ABajaninCork

So sorry to read of your wife's troubles and hope a solution can be found.

But what happened to your wife is precisely why I never send personal e-mails from a company account or surf the net other than BBC/RTE news. Nor do I let my friends know my work e-mail addy as there's no telling what they might send.

Lanaier

Whether it's legal or not, they CAN read your company e-mails.

This is reason enough to never use a work account for anything but work

Xcellor

bradleybraveheart wrote: »

Wife got the sack last week for sending out some emails from her company email account that the company deemed inappropriate and a breach of privacy.

Do the company have the right to check her emails like this without warning her that her emails are being monitored? It was her company email account

They called her in for a meeting completely out of the blue and had some email correspondence between her and another company printed out, and sacked her on the spot.

Was this a breach of her privacy?

What was the contents of the message? Seems harsh to be honest but it depends on what she sent and who she sent it to.

bbam

Two things spring to mind...
Did she reveal any company information she shouldn't? What was the breach of privacy she committed..

I worked for an American MN and definitely if you revealed company sensitive information to another company it was an offence you could be terminated for..

The company I worked for:
It's their system and you only have the use of their facilities.. Passwords etc are only to protect your account from other employees not from the company who essentially own all information in your account

Xcellor

One of the first companies I worked for had an IT policy which was unknown to everyone in the office. I was having problems accessing a website for work and so I ftp'd and downloaded another browser and installed.

ITs security policy had set up a proxy that couldnt be changed on IE.... there was an open gateway though so effectively any browser you installed other than IE would work. I had only started a few weeks. Roll forward a couple of weeks and I understand what "IT" is like so I uninstall all the stuff. But it left a short cut on a shared profile... IT spotted it during an installation. I got a verbal warning....

Was not happy but was my first job and my first month. Was not going to contest it tbh. The warning form made me out to be some sort of leet hacker... I suppose to cover the sh1t job IT did in protecting their IT network. Suppose in some companies I might have been fired on the spot.

hattoncracker

The policies that are put in place for the mail servers are there to protect the company and the network.

From an administrative point of view, email accounts in companies have to be monitored, not only to track incoming attachments to make sure there are no viruses there that could breach the network or to find out where they came from but also to stop people from leaking company data, and to help plug those leaks.

It's more than likely written into your contract or a Network Policy Agreement that she definitely would have signed.

Lanaier

Xcellor wrote: »

One of the first companies I worked for had an IT policy which was unknown to everyone in the office. I was having problems accessing a website for work and so I ftp'd and downloaded another browser and installed.

You got a warning for THAT?
What kind of cnutish companies are out there?

TBH it was there fault for making it that easy, rolling out a locked down pc image isn't the hardest thing in the world.

Xcellor

Lanaier wrote: »

You got a warning for THAT?
What kind of cnutish companies are out there?

TBH it was there fault for making it that easy, rolling out a locked down pc image isn't the hardest thing in the world.

Yes. At the time I couldn't believe it. It wasn't like I was doing it with any malicious intent. Also they said I installed "unauthorized material". It was a gaming PC company and we had magazines with demos on. I installed one of the previews to see what it was like.

I still have the written form, I laugh at it. So ridiculous and petty.

I managed to help to improve things before I left, got our own DSL connection, own lab computers etc. A few months after I leave the place closes

syklops

Lanaier wrote: »

You got a warning for THAT?
What kind of cnutish companies are out there?

Lots. And tbh for good reason, in a world where an employee clicking on a link in an email can backdoor the entire corporate network. Speaking as an employee though, it also makes it easier to scape-goat people, in a world of, lets face it ignorance.

TBH it was there fault for making it that easy, rolling out a locked down pc image isn't the hardest thing in the world.

In my experience, its not the InfoSec's teams fault but they are the first one to be blamed when the sh1t hits the fan.
Generally speaking and my experience is generally at an enterprise level, but the IT department, and InfoSec are different departments. So to put it in lay mans terms, the IT department set up the mail server, and InfoSec complain that it allows connections via telnet, and it takes weeks if not months for the problem to be sorted.

OP, most companies now have a policy of "Do not expect privacy" when talking about corporate communications. Look at it from their point of view, its getting easier and easier for a normal, random user to post a letter filled with(digital) blank cheques. Its no surprise that companies are starting to monitor their email.

With my InfoSec hat on, I'd love to know what she sent that got her sacked.

With my cynical, down-trodden user hat on, I say, what she sent could easily have been relatively innocuous, but the company needs to reduce staff numbers and cant afford paying redundancies, so came up with this issue to let her go. While not entirely legal, also bloody hard to prove. Without further information I can't advise further nor can I advocate legal action.

Lanaier

Interesting, I don't believe I've ever actually worked anywhere where IT and InfoSec were separate departments.
Though I'm willing to believe it's becoming the norm these days.

Eoin

syklops wrote: »

but the company needs to reduce staff numbers and cant afford paying redundancies, so came up with this issue to let her go. While not entirely legal, also bloody hard to prove

The burden of proof is very much on their side. So they would have to absolutely be able back themselves up for instantly dismissing someone.

mikemac1

When I worked with AIB we had to sign an agreement during our induction
Listed a policy and how everything was monitored and breaching it could land you in a disciplinary procedure
I don't need to be told this, everyone knows it can get you fired

I thought blocking www.lotto.ie as a gambling site was a bit over the top though :rolleyes:


About five years in Merrill Lynch Dublin a client complained over some joke email and people got fired over it and more got suspended

Or someone else sent redundancy information to a journalist in the Irish Times and got sacked, no redundancy payment for him. Some sickener

It's taken seriously and sacked people are easily replaced

Edit, just on your wife to sack someone on the spot can still be an issue and if they disregarded their own procedures here she may have a case.
She may have deserved to have been fired but she may win a case on a technicality

bbam

mikemac1 wrote: »

Edit, just on your wife to sack someone on the spot can still be an issue and if they disregarded their own procedures here she may have a case.
She may have deserved to have been fired but she may win a case on a technicality

Probably not.. Any decent procedure will ensure the repercussions include "up to and including termination"..

Eoin

bbam wrote: »

Probably not.. Any decent procedure will ensure the repercussions include "up to and including termination"..

True, instant dismissal should always be an option for serious issues. But they still have to follow certain rules, no matter what their policies say. e.g. right to appeal, right to full disclosure of the alleged offence etc.

The LRC is full of cases where an employee was reinstated / compensated because the employer didn't follow the letter of the law, even though the employee was guilty.